Version Description
- IMPROVE: Upgrade of TimThumb from 2.8.9 to 2.8.10 to fix broken images.
Download this release
Release Info
| Developer | contrid |
| Plugin |  Slideshow Gallery |
| Version | 1.2.2.1 |
| Comparing to | |
| See all releases | |
Code changes from version 1.2.2 to 1.2.2.1
- readme.txt +6 -3
- slideshow-gallery-plugin.php +1 -1
- slideshow-gallery.php +9 -24
- vendors/timthumb.php +42 -56
readme.txt
CHANGED
|
@@ -2,9 +2,9 @@
|
|
| 2 |
Contributors: contrid
|
| 3 |
Donate link: http://tribulant.com/
|
| 4 |
Tags: wordpress plugins, wordpress slideshow gallery, slides, slideshow, image gallery, images, gallery, featured content, content gallery, javascript, javascript slideshow, slideshow gallery
|
| 5 |
-
Requires at least:
|
| 6 |
-
Tested up to: 3.
|
| 7 |
-
Stable tag: 1.2.2
|
| 8 |
|
| 9 |
Feature content in a JavaScript powered slideshow gallery showcase on your WordPress website
|
| 10 |
|
|
@@ -80,6 +80,9 @@ Yes, you can use the `exclude` parameter to exclude post images by their order i
|
|
| 80 |
|
| 81 |
== Changelog ==
|
| 82 |
|
|
|
|
|
|
|
|
|
|
| 83 |
= 1.2.2 =
|
| 84 |
* FIX: Slides paging numbers didn't show up
|
| 85 |
* REMOVE: 'Description' not mandatory/required for each slide.
|
| 2 |
Contributors: contrid
|
| 3 |
Donate link: http://tribulant.com/
|
| 4 |
Tags: wordpress plugins, wordpress slideshow gallery, slides, slideshow, image gallery, images, gallery, featured content, content gallery, javascript, javascript slideshow, slideshow gallery
|
| 5 |
+
Requires at least: 3.1
|
| 6 |
+
Tested up to: 3.4.1
|
| 7 |
+
Stable tag: 1.2.2.1
|
| 8 |
|
| 9 |
Feature content in a JavaScript powered slideshow gallery showcase on your WordPress website
|
| 10 |
|
| 80 |
|
| 81 |
== Changelog ==
|
| 82 |
|
| 83 |
+
= 1.2.2.1 =
|
| 84 |
+
* IMPROVE: Upgrade of TimThumb from 2.8.9 to 2.8.10 to fix broken images.
|
| 85 |
+
|
| 86 |
= 1.2.2 =
|
| 87 |
* FIX: Slides paging numbers didn't show up
|
| 88 |
* REMOVE: 'Description' not mandatory/required for each slide.
|
slideshow-gallery-plugin.php
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
|
| 3 |
class GalleryPlugin {
|
| 4 |
|
| 5 |
-
var $version = '1.2.2';
|
| 6 |
var $plugin_name;
|
| 7 |
var $plugin_base;
|
| 8 |
var $pre = 'Gallery';
|
| 2 |
|
| 3 |
class GalleryPlugin {
|
| 4 |
|
| 5 |
+
var $version = '1.2.2.1';
|
| 6 |
var $plugin_name;
|
| 7 |
var $plugin_base;
|
| 8 |
var $pre = 'Gallery';
|
slideshow-gallery.php
CHANGED
|
@@ -5,8 +5,8 @@ Plugin Name: Slideshow Gallery
|
|
| 5 |
Plugin URI: http://wpgallery.tribulant.net
|
| 6 |
Author: Tribulant Software
|
| 7 |
Author URI: http://tribulant.com
|
| 8 |
-
Description: Feature content in a JavaScript powered slideshow gallery showcase on your WordPress website. The slideshow is flexible and all aspects can easily be configured. Embedding or hardcoding the slideshow gallery is a breeze. To embed into a post/page, simply insert <code>[slideshow]</code> into its content with an optional <code>post_id</code> parameter. To hardcode into any PHP file of your WordPress theme, simply use <code><?php if (
|
| 9 |
-
Version: 1.2.2
|
| 10 |
*/
|
| 11 |
|
| 12 |
define('DS', DIRECTORY_SEPARATOR);
|
|
@@ -105,31 +105,16 @@ if (!class_exists('Gallery')) {
|
|
| 105 |
}
|
| 106 |
|
| 107 |
function slideshow($output = true, $post_id = null, $exclude = null) {
|
| 108 |
-
|
|
|
|
|
|
|
|
|
|
| 109 |
|
| 110 |
-
if (
|
| 111 |
-
|
| 112 |
-
if (!empty($exclude)) {
|
| 113 |
-
$exclude = array_map('trim', explode(',', $exclude));
|
| 114 |
-
|
| 115 |
-
$a = 0;
|
| 116 |
-
foreach ($attachments as $id => $attachment) {
|
| 117 |
-
|
| 118 |
-
$a++;
|
| 119 |
-
if (in_array($a, $exclude)) {
|
| 120 |
-
unset($attachments[$id]);
|
| 121 |
-
}
|
| 122 |
-
}
|
| 123 |
-
}
|
| 124 |
-
|
| 125 |
-
$content = $this -> render('gallery', array('slides' => $attachments, 'frompost' => true), false, 'default');
|
| 126 |
-
}
|
| 127 |
} else {
|
| 128 |
-
|
| 129 |
-
$content = $this -> render('gallery', array('slides' => $slides, 'frompost' => false), false, 'default');
|
| 130 |
}
|
| 131 |
-
|
| 132 |
-
if ($output) { echo $content; } else { return $content; }
|
| 133 |
}
|
| 134 |
|
| 135 |
function embed($atts = array(), $content = null) {
|
| 5 |
Plugin URI: http://wpgallery.tribulant.net
|
| 6 |
Author: Tribulant Software
|
| 7 |
Author URI: http://tribulant.com
|
| 8 |
+
Description: Feature content in a JavaScript powered slideshow gallery showcase on your WordPress website. The slideshow is flexible and all aspects can easily be configured. Embedding or hardcoding the slideshow gallery is a breeze. To embed into a post/page, simply insert <code>[slideshow]</code> into its content with an optional <code>post_id</code> parameter. To hardcode into any PHP file of your WordPress theme, simply use <code><?php if (function_exists('slideshow')) { slideshow($output = true, $post_id = false, $gallery_id = false, $params = array()); } ?></code>.
|
| 9 |
+
Version: 1.2.2.1
|
| 10 |
*/
|
| 11 |
|
| 12 |
define('DS', DIRECTORY_SEPARATOR);
|
| 105 |
}
|
| 106 |
|
| 107 |
function slideshow($output = true, $post_id = null, $exclude = null) {
|
| 108 |
+
$params['post_id'] = $post_id;
|
| 109 |
+
$params['exclude'] = $exclude;
|
| 110 |
+
|
| 111 |
+
$content = $this -> embed($params, false);
|
| 112 |
|
| 113 |
+
if ($output == true) {
|
| 114 |
+
echo $content;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 115 |
} else {
|
| 116 |
+
return $content;
|
|
|
|
| 117 |
}
|
|
|
|
|
|
|
| 118 |
}
|
| 119 |
|
| 120 |
function embed($atts = array(), $content = null) {
|
vendors/timthumb.php
CHANGED
|
@@ -12,10 +12,6 @@
|
|
| 12 |
*
|
| 13 |
* $Rev$
|
| 14 |
*/
|
| 15 |
-
|
| 16 |
-
|
| 17 |
-
error_reporting(0);
|
| 18 |
-
@ini_set('display_errors', 0);
|
| 19 |
|
| 20 |
/*
|
| 21 |
* --- TimThumb CONFIGURATION ---
|
|
@@ -24,25 +20,24 @@ error_reporting(0);
|
|
| 24 |
* loaded by timthumb. This will save you having to re-edit these variables
|
| 25 |
* everytime you download a new version
|
| 26 |
*/
|
| 27 |
-
define ('VERSION', '2.8.
|
| 28 |
//Load a config file if it exists. Otherwise, use the values below
|
| 29 |
if( file_exists(dirname(__FILE__) . '/timthumb-config.php')) require_once('timthumb-config.php');
|
| 30 |
if(! defined('DEBUG_ON') ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
|
| 31 |
if(! defined('DEBUG_LEVEL') ) define ('DEBUG_LEVEL', 1); // Debug level 1 is less noisy and 3 is the most noisy
|
| 32 |
-
if(! defined('MEMORY_LIMIT') ) define ('MEMORY_LIMIT', '
|
| 33 |
if(! defined('BLOCK_EXTERNAL_LEECHERS') ) define ('BLOCK_EXTERNAL_LEECHERS', false); // If the image or webshot is being loaded on an external site, display a red "No Hotlinking" gif.
|
| 34 |
|
| 35 |
//Image fetching and caching
|
| 36 |
-
if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL',
|
| 37 |
-
if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES',
|
| 38 |
-
if(! defined('FETCH_LOCAL_URLS') ) define ('FETCH_LOCAL_URLS', true); // If true, URL sources will always be fetched over HTTP, even if they have the same hostname as this script
|
| 39 |
if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
|
| 40 |
if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
|
| 41 |
|
| 42 |
if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
|
| 43 |
if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
|
| 44 |
if(! defined('FILE_CACHE_PREFIX') ) define ('FILE_CACHE_PREFIX', 'timthumb'); // What to put at the beg of all files in the cache directory so we can identify them
|
| 45 |
-
if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', '../../../uploads/slideshow-gallery/cache
|
| 46 |
if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
|
| 47 |
if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
|
| 48 |
if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
|
|
@@ -138,7 +133,6 @@ if(! isset($ALLOWED_SITES)){
|
|
| 138 |
'imgur.com',
|
| 139 |
'imageshack.us',
|
| 140 |
'tinypic.com',
|
| 141 |
-
|
| 142 |
);
|
| 143 |
}
|
| 144 |
// -------------------------------------------------------------
|
|
@@ -171,9 +165,9 @@ class timthumb {
|
|
| 171 |
protected static $curlFH = false;
|
| 172 |
public static function start(){
|
| 173 |
$tim = new timthumb();
|
| 174 |
-
$tim
|
| 175 |
-
$tim
|
| 176 |
-
if($tim
|
| 177 |
exit(0);
|
| 178 |
}
|
| 179 |
$tim->handleErrors();
|
|
@@ -189,8 +183,8 @@ class timthumb {
|
|
| 189 |
global $ALLOWED_SITES;
|
| 190 |
$this->startTime = microtime(true);
|
| 191 |
date_default_timezone_set('UTC');
|
| 192 |
-
$this
|
| 193 |
-
$this
|
| 194 |
//On windows systems I'm assuming fileinode returns an empty string or a number that doesn't change. Check this.
|
| 195 |
$this->salt = @filemtime(__FILE__) . '-' . @fileinode(__FILE__);
|
| 196 |
$this->debug(3, "Salt is: " . $this->salt);
|
|
@@ -212,12 +206,13 @@ class timthumb {
|
|
| 212 |
//Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
|
| 213 |
$this->cleanCache();
|
| 214 |
|
| 215 |
-
$this
|
| 216 |
-
$this
|
| 217 |
-
$this
|
|
|
|
| 218 |
|
| 219 |
-
if(strlen($this
|
| 220 |
-
$this
|
| 221 |
return false;
|
| 222 |
}
|
| 223 |
if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $_SERVER['HTTP_REFERER']))){
|
|
@@ -233,9 +228,6 @@ class timthumb {
|
|
| 233 |
return false;
|
| 234 |
exit(0);
|
| 235 |
}
|
| 236 |
-
if(!FETCH_LOCAL_URLS && preg_match('/https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $this->src)){
|
| 237 |
-
$this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
|
| 238 |
-
}
|
| 239 |
if(preg_match('/^https?:\/\/[^\/]+/i', $this->src)){
|
| 240 |
$this->debug(2, "Is a request for an external URL: " . $this->src);
|
| 241 |
$this->isURL = true;
|
|
@@ -265,22 +257,20 @@ class timthumb {
|
|
| 265 |
}
|
| 266 |
|
| 267 |
$cachePrefix = ($this->isURL ? '_ext_' : '_int_');
|
| 268 |
-
if($this
|
| 269 |
$arr = explode('&', $_SERVER ['QUERY_STRING']);
|
| 270 |
asort($arr);
|
| 271 |
$this->cachefile = $this->cacheDirectory . '/' . FILE_CACHE_PREFIX . $cachePrefix . md5($this->salt . implode('', $arr) . $this->fileCacheVersion) . FILE_CACHE_SUFFIX;
|
| 272 |
} else {
|
| 273 |
-
$this
|
| 274 |
-
|
| 275 |
-
|
| 276 |
-
$this
|
| 277 |
-
$this
|
| 278 |
-
$this -> set404();
|
| 279 |
return false;
|
| 280 |
}
|
| 281 |
-
|
| 282 |
-
$this
|
| 283 |
-
$this -> localImageMTime = @filemtime($this->localImage);
|
| 284 |
//We include the mtime of the local file in case in changes on disk.
|
| 285 |
$this->cachefile = $this->cacheDirectory . '/' . FILE_CACHE_PREFIX . $cachePrefix . md5($this->salt . $this->localImageMTime . $_SERVER ['QUERY_STRING'] . $this->fileCacheVersion) . FILE_CACHE_SUFFIX;
|
| 286 |
}
|
|
@@ -538,8 +528,8 @@ class timthumb {
|
|
| 538 |
|
| 539 |
// set default width and height if neither are set already
|
| 540 |
if ($new_width == 0 && $new_height == 0) {
|
| 541 |
-
|
| 542 |
-
|
| 543 |
}
|
| 544 |
|
| 545 |
// ensure size limits can not be abused
|
|
@@ -831,7 +821,6 @@ class timthumb {
|
|
| 831 |
imagedestroy($image);
|
| 832 |
return true;
|
| 833 |
}
|
| 834 |
-
|
| 835 |
protected function calcDocRoot(){
|
| 836 |
$docRoot = @$_SERVER['DOCUMENT_ROOT'];
|
| 837 |
if (defined('LOCAL_FILE_BASE_DIRECTORY')) {
|
|
@@ -853,43 +842,41 @@ class timthumb {
|
|
| 853 |
}
|
| 854 |
if($docRoot && $_SERVER['DOCUMENT_ROOT'] != '/'){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
|
| 855 |
$this->debug(3, "Doc root is: " . $docRoot);
|
| 856 |
-
$docRoot = rtrim($docRoot, '/') . '/';
|
| 857 |
$this->docRoot = $docRoot;
|
|
|
|
| 858 |
}
|
| 859 |
-
|
| 860 |
protected function getLocalImagePath($src){
|
| 861 |
$src = ltrim($src, '/'); //strip off the leading '/'
|
| 862 |
-
|
| 863 |
-
if(! $this -> docRoot){
|
| 864 |
$this->debug(3, "We have no document root set, so as a last resort, lets check if the image is in the current dir and serve that.");
|
| 865 |
//We don't support serving images outside the current dir if we don't have a doc root for security reasons.
|
| 866 |
$file = preg_replace('/^.*?([^\/\\\\]+)$/', '$1', $src); //strip off any path info and just leave the filename.
|
| 867 |
if(is_file($file)){
|
| 868 |
-
return $this
|
| 869 |
}
|
| 870 |
return $this->error("Could not find your website document root and the file specified doesn't exist in timthumbs directory. We don't support serving files outside timthumb's directory without a document root for security reasons.");
|
| 871 |
} //Do not go past this point without docRoot set
|
| 872 |
|
| 873 |
//Try src under docRoot
|
| 874 |
-
if(file_exists ($this
|
| 875 |
-
$this->debug(3, "Found file as " . $this
|
| 876 |
-
$real = $this
|
| 877 |
if(stripos($real, $this->docRoot) === 0){
|
| 878 |
return $real;
|
| 879 |
} else {
|
| 880 |
-
$this
|
| 881 |
//allow search to continue
|
| 882 |
}
|
| 883 |
}
|
| 884 |
//Check absolute paths and then verify the real path is under doc root
|
| 885 |
-
$absolute = $this
|
| 886 |
if($absolute && file_exists($absolute)){ //realpath does file_exists check, so can probably skip the exists check here
|
| 887 |
$this->debug(3, "Found absolute path: $absolute");
|
| 888 |
if(! $this->docRoot){ $this->sanityFail("docRoot not set when checking absolute path."); }
|
| 889 |
if(stripos($absolute, $this->docRoot) === 0){
|
| 890 |
return $absolute;
|
| 891 |
} else {
|
| 892 |
-
$this
|
| 893 |
//and continue search
|
| 894 |
}
|
| 895 |
}
|
|
@@ -898,18 +885,18 @@ class timthumb {
|
|
| 898 |
|
| 899 |
// account for Windows directory structure
|
| 900 |
if (strstr($_SERVER['SCRIPT_FILENAME'],':')) {
|
| 901 |
-
$sub_directories = explode('\\', str_replace($this
|
| 902 |
} else {
|
| 903 |
-
$sub_directories = explode('/', str_replace($this
|
| 904 |
}
|
| 905 |
|
| 906 |
foreach ($sub_directories as $sub){
|
| 907 |
$base .= $sub . '/';
|
| 908 |
-
$this
|
| 909 |
if(file_exists($base . $src)){
|
| 910 |
$this->debug(3, "Found file as: " . $base . $src);
|
| 911 |
$real = $this->realpath($base . $src);
|
| 912 |
-
if(stripos($real, $this
|
| 913 |
return $real;
|
| 914 |
} else {
|
| 915 |
$this->debug(1, "Security block: The file specified occurs outside the document root.");
|
|
@@ -917,7 +904,6 @@ class timthumb {
|
|
| 917 |
}
|
| 918 |
}
|
| 919 |
}
|
| 920 |
-
|
| 921 |
return false;
|
| 922 |
}
|
| 923 |
protected function realpath($path){
|
|
@@ -1086,8 +1072,8 @@ class timthumb {
|
|
| 1086 |
}
|
| 1087 |
protected function securityChecks(){
|
| 1088 |
}
|
| 1089 |
-
protected function param($property, $default = '')
|
| 1090 |
-
if (isset($_GET[$property])) {
|
| 1091 |
return $_GET[$property];
|
| 1092 |
} else {
|
| 1093 |
return $default;
|
|
@@ -1250,7 +1236,7 @@ class timthumb {
|
|
| 1250 |
|
| 1251 |
}
|
| 1252 |
protected function set404(){
|
| 1253 |
-
$this
|
| 1254 |
}
|
| 1255 |
protected function is404(){
|
| 1256 |
return $this->is404;
|
| 12 |
*
|
| 13 |
* $Rev$
|
| 14 |
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
|
| 16 |
/*
|
| 17 |
* --- TimThumb CONFIGURATION ---
|
| 20 |
* loaded by timthumb. This will save you having to re-edit these variables
|
| 21 |
* everytime you download a new version
|
| 22 |
*/
|
| 23 |
+
define ('VERSION', '2.8.10'); // Version of this script
|
| 24 |
//Load a config file if it exists. Otherwise, use the values below
|
| 25 |
if( file_exists(dirname(__FILE__) . '/timthumb-config.php')) require_once('timthumb-config.php');
|
| 26 |
if(! defined('DEBUG_ON') ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
|
| 27 |
if(! defined('DEBUG_LEVEL') ) define ('DEBUG_LEVEL', 1); // Debug level 1 is less noisy and 3 is the most noisy
|
| 28 |
+
if(! defined('MEMORY_LIMIT') ) define ('MEMORY_LIMIT', '30M'); // Set PHP memory limit
|
| 29 |
if(! defined('BLOCK_EXTERNAL_LEECHERS') ) define ('BLOCK_EXTERNAL_LEECHERS', false); // If the image or webshot is being loaded on an external site, display a red "No Hotlinking" gif.
|
| 30 |
|
| 31 |
//Image fetching and caching
|
| 32 |
+
if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
|
| 33 |
+
if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
|
|
|
|
| 34 |
if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
|
| 35 |
if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
|
| 36 |
|
| 37 |
if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
|
| 38 |
if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
|
| 39 |
if(! defined('FILE_CACHE_PREFIX') ) define ('FILE_CACHE_PREFIX', 'timthumb'); // What to put at the beg of all files in the cache directory so we can identify them
|
| 40 |
+
if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', '../../../uploads/slideshow-gallery/cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
|
| 41 |
if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
|
| 42 |
if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
|
| 43 |
if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
|
| 133 |
'imgur.com',
|
| 134 |
'imageshack.us',
|
| 135 |
'tinypic.com',
|
|
|
|
| 136 |
);
|
| 137 |
}
|
| 138 |
// -------------------------------------------------------------
|
| 165 |
protected static $curlFH = false;
|
| 166 |
public static function start(){
|
| 167 |
$tim = new timthumb();
|
| 168 |
+
$tim->handleErrors();
|
| 169 |
+
$tim->securityChecks();
|
| 170 |
+
if($tim->tryBrowserCache()){
|
| 171 |
exit(0);
|
| 172 |
}
|
| 173 |
$tim->handleErrors();
|
| 183 |
global $ALLOWED_SITES;
|
| 184 |
$this->startTime = microtime(true);
|
| 185 |
date_default_timezone_set('UTC');
|
| 186 |
+
$this->debug(1, "Starting new request from " . $this->getIP() . " to " . $_SERVER['REQUEST_URI']);
|
| 187 |
+
$this->calcDocRoot();
|
| 188 |
//On windows systems I'm assuming fileinode returns an empty string or a number that doesn't change. Check this.
|
| 189 |
$this->salt = @filemtime(__FILE__) . '-' . @fileinode(__FILE__);
|
| 190 |
$this->debug(3, "Salt is: " . $this->salt);
|
| 206 |
//Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
|
| 207 |
$this->cleanCache();
|
| 208 |
|
| 209 |
+
$this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
|
| 210 |
+
$this->src = $this->param('src');
|
| 211 |
+
$this->url = parse_url($this->src);
|
| 212 |
+
$this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
|
| 213 |
|
| 214 |
+
if(strlen($this->src) <= 3){
|
| 215 |
+
$this->error("No image specified");
|
| 216 |
return false;
|
| 217 |
}
|
| 218 |
if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $_SERVER['HTTP_REFERER']))){
|
| 228 |
return false;
|
| 229 |
exit(0);
|
| 230 |
}
|
|
|
|
|
|
|
|
|
|
| 231 |
if(preg_match('/^https?:\/\/[^\/]+/i', $this->src)){
|
| 232 |
$this->debug(2, "Is a request for an external URL: " . $this->src);
|
| 233 |
$this->isURL = true;
|
| 257 |
}
|
| 258 |
|
| 259 |
$cachePrefix = ($this->isURL ? '_ext_' : '_int_');
|
| 260 |
+
if($this->isURL){
|
| 261 |
$arr = explode('&', $_SERVER ['QUERY_STRING']);
|
| 262 |
asort($arr);
|
| 263 |
$this->cachefile = $this->cacheDirectory . '/' . FILE_CACHE_PREFIX . $cachePrefix . md5($this->salt . implode('', $arr) . $this->fileCacheVersion) . FILE_CACHE_SUFFIX;
|
| 264 |
} else {
|
| 265 |
+
$this->localImage = $this->getLocalImagePath($this->src);
|
| 266 |
+
if(! $this->localImage){
|
| 267 |
+
$this->debug(1, "Could not find the local image: {$this->localImage}");
|
| 268 |
+
$this->error("Could not find the internal image you specified.");
|
| 269 |
+
$this->set404();
|
|
|
|
| 270 |
return false;
|
| 271 |
}
|
| 272 |
+
$this->debug(1, "Local image path is {$this->localImage}");
|
| 273 |
+
$this->localImageMTime = @filemtime($this->localImage);
|
|
|
|
| 274 |
//We include the mtime of the local file in case in changes on disk.
|
| 275 |
$this->cachefile = $this->cacheDirectory . '/' . FILE_CACHE_PREFIX . $cachePrefix . md5($this->salt . $this->localImageMTime . $_SERVER ['QUERY_STRING'] . $this->fileCacheVersion) . FILE_CACHE_SUFFIX;
|
| 276 |
}
|
| 528 |
|
| 529 |
// set default width and height if neither are set already
|
| 530 |
if ($new_width == 0 && $new_height == 0) {
|
| 531 |
+
$new_width = 100;
|
| 532 |
+
$new_height = 100;
|
| 533 |
}
|
| 534 |
|
| 535 |
// ensure size limits can not be abused
|
| 821 |
imagedestroy($image);
|
| 822 |
return true;
|
| 823 |
}
|
|
|
|
| 824 |
protected function calcDocRoot(){
|
| 825 |
$docRoot = @$_SERVER['DOCUMENT_ROOT'];
|
| 826 |
if (defined('LOCAL_FILE_BASE_DIRECTORY')) {
|
| 842 |
}
|
| 843 |
if($docRoot && $_SERVER['DOCUMENT_ROOT'] != '/'){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
|
| 844 |
$this->debug(3, "Doc root is: " . $docRoot);
|
|
|
|
| 845 |
$this->docRoot = $docRoot;
|
| 846 |
+
|
| 847 |
}
|
|
|
|
| 848 |
protected function getLocalImagePath($src){
|
| 849 |
$src = ltrim($src, '/'); //strip off the leading '/'
|
| 850 |
+
if(! $this->docRoot){
|
|
|
|
| 851 |
$this->debug(3, "We have no document root set, so as a last resort, lets check if the image is in the current dir and serve that.");
|
| 852 |
//We don't support serving images outside the current dir if we don't have a doc root for security reasons.
|
| 853 |
$file = preg_replace('/^.*?([^\/\\\\]+)$/', '$1', $src); //strip off any path info and just leave the filename.
|
| 854 |
if(is_file($file)){
|
| 855 |
+
return $this->realpath($file);
|
| 856 |
}
|
| 857 |
return $this->error("Could not find your website document root and the file specified doesn't exist in timthumbs directory. We don't support serving files outside timthumb's directory without a document root for security reasons.");
|
| 858 |
} //Do not go past this point without docRoot set
|
| 859 |
|
| 860 |
//Try src under docRoot
|
| 861 |
+
if(file_exists ($this->docRoot . '/' . $src)) {
|
| 862 |
+
$this->debug(3, "Found file as " . $this->docRoot . '/' . $src);
|
| 863 |
+
$real = $this->realpath($this->docRoot . '/' . $src);
|
| 864 |
if(stripos($real, $this->docRoot) === 0){
|
| 865 |
return $real;
|
| 866 |
} else {
|
| 867 |
+
$this->debug(1, "Security block: The file specified occurs outside the document root.");
|
| 868 |
//allow search to continue
|
| 869 |
}
|
| 870 |
}
|
| 871 |
//Check absolute paths and then verify the real path is under doc root
|
| 872 |
+
$absolute = $this->realpath('/' . $src);
|
| 873 |
if($absolute && file_exists($absolute)){ //realpath does file_exists check, so can probably skip the exists check here
|
| 874 |
$this->debug(3, "Found absolute path: $absolute");
|
| 875 |
if(! $this->docRoot){ $this->sanityFail("docRoot not set when checking absolute path."); }
|
| 876 |
if(stripos($absolute, $this->docRoot) === 0){
|
| 877 |
return $absolute;
|
| 878 |
} else {
|
| 879 |
+
$this->debug(1, "Security block: The file specified occurs outside the document root.");
|
| 880 |
//and continue search
|
| 881 |
}
|
| 882 |
}
|
| 885 |
|
| 886 |
// account for Windows directory structure
|
| 887 |
if (strstr($_SERVER['SCRIPT_FILENAME'],':')) {
|
| 888 |
+
$sub_directories = explode('\\', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME']));
|
| 889 |
} else {
|
| 890 |
+
$sub_directories = explode('/', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME']));
|
| 891 |
}
|
| 892 |
|
| 893 |
foreach ($sub_directories as $sub){
|
| 894 |
$base .= $sub . '/';
|
| 895 |
+
$this->debug(3, "Trying file as: " . $base . $src);
|
| 896 |
if(file_exists($base . $src)){
|
| 897 |
$this->debug(3, "Found file as: " . $base . $src);
|
| 898 |
$real = $this->realpath($base . $src);
|
| 899 |
+
if(stripos($real, $this->realpath($this->docRoot)) === 0){
|
| 900 |
return $real;
|
| 901 |
} else {
|
| 902 |
$this->debug(1, "Security block: The file specified occurs outside the document root.");
|
| 904 |
}
|
| 905 |
}
|
| 906 |
}
|
|
|
|
| 907 |
return false;
|
| 908 |
}
|
| 909 |
protected function realpath($path){
|
| 1072 |
}
|
| 1073 |
protected function securityChecks(){
|
| 1074 |
}
|
| 1075 |
+
protected function param($property, $default = ''){
|
| 1076 |
+
if (isset ($_GET[$property])) {
|
| 1077 |
return $_GET[$property];
|
| 1078 |
} else {
|
| 1079 |
return $default;
|
| 1236 |
|
| 1237 |
}
|
| 1238 |
protected function set404(){
|
| 1239 |
+
$this->is404 = true;
|
| 1240 |
}
|
| 1241 |
protected function is404(){
|
| 1242 |
return $this->is404;
|
